GP Records - Gross Misconduct

RGG

Original Poster:

844 posts

36 months

Yesterday (22:04)

I'm in a bit of shock about what I've just become aware of and would like any advice, any thoughts, any suggestions, anything?

I've just found out that a vulnerable person saw an NHS professional in August for one session and the outcome for that person was catastrophic - sorry I can't say what but it was / is life changing.

They were discharged from that service in August within days.

The department the professional works in (the specific name of who has logged in is unknown) has now logged into the person's GP records 75 times to date and counting.

I'm staggered by this and subjectively it feels like harassment as well as it being against all the principles and rules of GDPR.

GDPR says accessing records must be for "clinical need" and the person was not even a patient of that department when the records were accessed - indeed they are being accessed several times a day now, every day.

What should I do?
Please help me work this one out.


bad company

21,106 posts

285 months

Yesterday (22:26)
Why can’t you say what it was? It’s very unlikely anyone here will know the person and hard to help without more information.

paul_c123

1,358 posts

12 months

Yesterday (22:28)
Who is alleging the "Gross Misconduct"?

How can simply accessing records be harassment unless the person whose records are accessed, is harmed each time this occurs?

RGG

Original Poster:

844 posts

36 months

Yesterday (22:41)
paul_c123 said:
Who is alleging the "Gross Misconduct"?

How can simply accessing records be harassment unless the person whose records are accessed, is harmed each time this occurs?
The "harassment", if you look again, was presented as subjective.

My question is what should I do?

A vulnerable person has had their GP records accessed 75 times for no clinical reason.

I guess, a question to all could be, "How would you feel if your GP records had been accessed 75 times, most likely but not conclusively by the same person, for no clinical reason?"

RGG

Original Poster:

844 posts

36 months

Yesterday (22:43)
bad company said:
Why can't you say what it was? It's very unlikely anyone here will know the person and hard to help without more information.
Because it's deeply personal and not relevant to the question, "What should I do?"

Super Sonic

10,994 posts

73 months

Yesterday (22:48)
How do you know the records were
(a) accessed 75 times?
(b) by (you believe) the same person?
(c) for no medical reason?
Do you have any idea who was doing the accessing?

paul_c123

1,358 posts

12 months

Yesterday (22:48)
RGG said:
I guess, a question to all could be, "How would you feel if your GP records had been accessed 75 times, most likely but not conclusively by the same person, for no clinical reason?"
I wouldn't feel anything because I wouldn't know because I don't routinely check.

I am assuming we are talking about you accusing a member of staff of accessing the records, not a data breach where sensitive or personal information is put into the public domain.

hidetheelephants

31,984 posts

212 months

Yesterday (23:10)
As described it's a matter for the Information Commissioner, although I'd imagine they would expect you to complain to the NHS first; the website is a bit vague.

PhilboSE

5,479 posts

245 months

Yesterday (23:13)
Why are you saying that only the department is known, not the user, who accessed the records? Every NHS user should have their own smart card which is used for any session on a device used to access records. It’s extremely bad practice for there to be a “departmental” card and/or shared cards left in devices.

Although clinical staff can access records there has to be a clear clinical need/patient benefit for each and every access. Accessing a patient record without such a reason is a clear, severe, disciplinary issue.

You seem to have some information about the access pattern, can you clarify how you got this? I would be pressing the source for more information on user id and the basis for each and every access. They may not be able to tell *you* the user name but they should be able to justify what they are doing about the access.

Digger

15,971 posts

210 months

Yesterday (23:17)
As above, if you know all of this already you already have enough information to pursue . . .

Who fed you the information regarding the data-access?



Jakg

3,863 posts

187 months

Yesterday (23:45)
PhilboSE said:
You seem to have some information about the access pattern, can you clarify how you got this? I would be pressing the source for more information on user id and the basis for each and every access. They may not be able to tell *you* the user name but they should be able to justify what they are doing about the access.
This - the lack of context makes this unanswerable.

Mandat

4,327 posts

257 months

Yesterday (23:52)
RGG said:
I'm in a bit of shock about what I've just become aware of and would like any advice, any thoughts, any suggestions, anything?

I've just found out that a vulnerable person saw an NHS professional in August for one session and the outcome for that person was catastrophic - sorry I can't say what but it was / is life changing.

They were discharged from that service in August within days.

The department the professional works in (the specific name of who has logged in is unknown) has now logged into the person's GP records 75 times to date and counting.

I'm staggered by this and subjectively it feels like harassment as well as it being against all the principles and rules of GDPR.

GDPR says accessing records must be for "clinical need" and the person was not even a patient of that department when the records were accessed - indeed they are being accessed several times a day now, every day.

What should I do?
Please help me work this one out.
Is the information being accessed by an actual person?

Could the access be an automated process for AI, statistical, audit, etc purposes?


RGG

Original Poster:

844 posts

36 months

Super Sonic said:
How do you know the records were
(a) accessed 75 times?
(b) by (you believe) the same person?
(c) for no medical reason?
Do you have any idea who was doing the accessing?
a) The person has access to their records through SystmOnline and can see on their "Record Audit" that the same department has accessed the records 75 times, currently several times a day.

b) The department is where the Professional is based, the one who saw them in August on one occasion only and then discharged them.

c) They were discharged, so no clinical reason (i.e. further contact) - this is a question if I make a complaint on their behalf.

RGG

Original Poster:

844 posts

36 months

paul_c123 said:
RGG said:
I guess, a question to all could be, "How would you feel if your GP records had been accessed 75 times, most likely but not conclusively by the same person, for no clinical reason?"
I wouldn't feel anything because I wouldn't know because I don't routinely check.

I am assuming we are talking about you accusing a member of staff of accessing the records, not a data breach where sensitive or personal information is put into the public domain.
Yes, someone or some people (as yet unknown but one is suspected)

This is not a receptionist having a casual look in, it was 75 X.

RGG

Original Poster:

844 posts

36 months

hidetheelephants said:
As described it's a matter for the Information Commissioner, although I'd imagine they would expect you to complain to the NHS first; the website is a bit vague.
I'm thinking this.

RGG

Original Poster:

844 posts

36 months

Mandat said:
RGG said:
I'm in a bit of shock about what I've just become aware of and would like any advice, any thoughts, any suggestions, anything?

I've just found out that a vulnerable person saw an NHS professional in August for one session and the outcome for that person was catastrophic - sorry I can't say what but it was / is life changing.

They were discharged from that service in August within days.

The department the professional works in (the specific name of who has logged in is unknown) has now logged into the person's GP records 75 times to date and counting.

I'm staggered by this and subjectively it feels like harassment as well as it being against all the principles and rules of GDPR.

GDPR says accessing records must be for "clinical need" and the person was not even a patient of that department when the records were accessed - indeed they are being accessed several times a day now, every day.

What should I do?
Please help me work this one out.
Is the information being accessed by an actual person?

Could the access be an automated process for AI, statistical, audit, etc purposes?
Yes, an actual person.
The GP records show just the department; the patient doesn't see the individual's name.

BUT, clearly the person who has logged in 75 X will be known by the NHS Trust concerned.
I know this for a fact.

RGG

Original Poster:

844 posts

36 months

Mandat said:
RGG said:
I'm in a bit of shock about what I've just become aware of and would like any advice, any thoughts, any suggestions, anything?

I've just found out that a vulnerable person saw an NHS professional in August for one session and the outcome for that person was catastrophic - sorry I can't say what but it was / is life changing.

They were discharged from that service in August within days.

The department the professional works in (the specific name of who has logged in is unknown) has now logged into the person's GP records 75 times to date and counting.

I'm staggered by this and subjectively it feels like harassment as well as it being against all the principles and rules of GDPR.

GDPR says accessing records must be for "clinical need" and the person was not even a patient of that department when the records were accessed - indeed they are being accessed several times a day now, every day.

What should I do?
Please help me work this one out.
Is the information being accessed by an actual person?

Could the access be an automated process for AI, statistical, audit, etc purposes?
Not sure about AI, but all of the others do happen - but not 75 X. Example, I've seen CQC monitor things and that is legitimate and you see "CQC" in the entry.

The 75 X entries are from a clinical department that the professional who saw them in August is working from.

Digger

15,971 posts

210 months

RGG said:
BUT, clearly the person who has logged in 75 X will be known by the NHS Trust concerned.
I know this for a fact.
How do you know this as fact?

RGG

Original Poster:

844 posts

36 months

Digger said:
RGG said:
BUT, clearly the person who has logged in 75 X will be known by the NHS Trust concerned.
I know this for a fact.
How do you know this as fact?
Because I was employed in the NHS and this was part of the training - only go into someone's record if you have a just clinical reason or you will face disciplinary action or be sacked.

Example - NMC Nursing Midwifery Council - you can look up the hearings - Nurses are sacked for it.

Looking someone up - just once - they will be sacked - The suspected professional is much higher in status.

Edited by RGG on Thursday 20th November 01:10


Edited by RGG on Thursday 20th November 01:23

Super Sonic

10,994 posts

73 months

If you think someone is guilty of misconduct, then although I am only very vaguely aware of the facts, and have never worked for the NHS so don't know about its rules, procedures or organisation, I think it would be obvious they should be reported.
Not sure what you're asking on here for.